[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)



I not sure it makes sense to regard "add" and "delete" as
separate levels from "write", nor can I (if the levels
are added) how to order "add" and "delete"... seems there
are reasonable arguments that add>delete and delete>add
or add<>delete.

Maybe we just need to split the "w"rite permission into "a"
(add) and "z" (delete), where =w is equivalent to =az,
but not add levels for add and delete?

BTW, is this mainly aimed at entry add/delete controls?
or attribute add/delete controls?

Kurt


At 08:28 AM 4/4/2005, Pierangelo Masarati wrote:
>I've also prepared an implementation of the granular write permissions (ITS#3631).  It's only for bdb/hdb at the moment.  If it looks fine, I can easily extend it to all backend types.  After this, I might try to work at extending the disclose feature to all operations and to other backend types (but no promises at the moment ;).
>
>Ciao, p.
>
>
>   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497